diff --git a/src/content/changelog/waf/2025-07-28-waf-release.mdx b/src/content/changelog/waf/2025-07-28-waf-release.mdx new file mode 100644 index 000000000000000..780685029208747 --- /dev/null +++ b/src/content/changelog/waf/2025-07-28-waf-release.mdx 
@@ -0,0 +1,93 @@ +--- +title: "WAF Release - 2025-07-28" +description: Cloudflare WAF managed rulesets 2025-07-28 release +date: 2025-07-28 +--- + +import { RuleID } from "~/components"; + +This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data. + + +**Key Findings** + +- Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands. + +- Apache Tomcat (CVE-2025-31650): A improper Input Validation vulnerability in Apache Tomcat that could create memory leak when incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request. + +- MongoDB (CVE-2024-53900, CVE:CVE-2025-23061): Improper use of `$where` in match and a nested `$where` filter with a `populate()` match in Mongoose can lead to search injection. + +**Impact** + +These vulnerabilities target user-facing components, web application servers, and back-end databases. A SQL injection flaw in Fortinet FortiWeb can lead to data theft or system compromise. A separate issue in Apache Tomcat involves a memory leak from improper input validation, which could be exploited for a denial-of-service (DoS) attack. Finally, a vulnerability in MongoDB's Mongoose library allows attackers to bypass security filters and access unauthorized data through malicious search queries. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset + + 100804BerriAI - SSRF - CVE:CVE-2024-6587LogDisabledThis is a New Detection
Cloudflare Managed Ruleset + + 100812Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100813Apache Tomcat - DoS - CVE:CVE-2025-31650LogDisabledThis is a New Detection
Cloudflare Managed Ruleset + + 100815MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061LogBlockThis is a New Detection
Cloudflare Managed Ruleset + + 100816MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061LogBlockThis is a New Detection
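Review bot: in the release table of this new file, rules 100804 (BerriAI SSRF) and 100813 (Apache Tomcat DoS) move from Log to Disabled while 100812, 100815 and 100816 move from Log to Block, yet the Comments column says only "This is a New Detection" for all five and the body text spotlights the Tomcat memory-leak DoS; add a comment (or a sentence in the body) stating why those two detections ship Disabled so readers know they must enable them themselves. The Key Findings also describe the Mongoose CVE-2024-53900 / CVE-2025-23061 issue as search injection that lets an attacker "bypass security controls to access restricted data", while rules 100815 and 100816 are titled "MongoDB - Remote Code Execution"; align the rule description and the narrative. Minor wording in the + lines: "Several flaws related with a memory leak" should read "related to", "A improper Input Validation vulnerability" should read "An improper input validation vulnerability", "in Fortinet FortiWeb versions allows" either needs the affected version range or should drop "versions", and the second Mongoose identifier is written "CVE:CVE-2025-23061" next to "CVE-2024-53900", so pick one format for the bullet.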
diff --git a/src/content/changelog/waf/scheduled-waf-release.mdx b/src/content/changelog/waf/scheduled-waf-release.mdx index 7bbafb67a9f0117..4ac9a04ae481d0f 100644 --- a/src/content/changelog/waf/scheduled-waf-release.mdx +++ b/src/content/changelog/waf/scheduled-waf-release.mdx @@ -1,7 +1,7 @@ --- -title: WAF Release - Scheduled changes for 2025-07-28 -description: WAF managed ruleset changes scheduled for 2025-07-28 -date: 2025-07-21 +title: WAF Release - Scheduled changes for 2025-08-04 +description: WAF managed ruleset changes scheduled for 2025-08-04 +date: 2025-07-28 scheduled: true --- 
@@ -20,64 +20,93 @@ import { RuleID } from "~/components"; - - 2025-07-21 + 2025-07-28 + 2025-08-04 Log - 100804 + 100535A - + - BerriAI - SSRF - CVE:CVE-2024-6587 + Sitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511 This is a New Detection - - - 2025-07-21 - 2025-07-28 - Log - 100812 - - - - Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257 - This is a New Detection - - - 2025-07-21 - 2025-07-28 - Log - 100813 - - - - Apache Tomcat - DoS - CVE:CVE-2025-31650 - This is a New Detection - - - 2025-07-21 - 2025-07-28 - Log - 100815 - - - - - MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061 - - This is a New Detection - - - 2025-07-21 - 2025-07-28 - Log - 100816 - - - - - MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061 - - This is a New Detection - + + + 2025-07-28 + 2025-08-04 + Log + 100535 + + + + Sitecore - Information Disclosure - CVE:CVE-2025-34509 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100543 + + + + Grafana - Directory Traversal - CVE:CVE-2025-4123 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100545 + + + + WordPress - Information Disclosure - CVE:CVE-2023-5561 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100820 + + + + CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100821 + + + + LaRecipe - SSTI - CVE:CVE-2025-53833 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100822 + + + + WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058 + This is a New Detection + + + 2025-07-28 + 2025-08-04 + Log + 100823 + + + + WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322 + This is a New Detection +
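Review bot: the two Sitecore rows added at the top of this hunk carry legacy rule IDs 100535A (Dangerous File Upload, CVE-2025-34510 / CVE-2025-34511) and 100535 (Information Disclosure, CVE-2025-34509); confirm the "A" suffix is intentional rather than a stray character, since the two rows are otherwise formatted identically. The removed 2025-07-21 rows (100804, 100812, 100813, 100815, 100816) correspond one-to-one to the rules published in the new 2025-07-28 release file in the first hunk, so the carry-over is complete; the remaining new rows (100543, 100545, 100820 through 100823) all use the same "CVE:CVE-..." description format and the same 2025-07-28 / 2025-08-04 / Log columns, which is consistent with the updated front matter.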